I am trying to write a simple MIDlet in Java to connect to my server, which monitors processes on my PC. I've written almost everything and have now spent 4 days trying to set up a connection between them. Without SSL everything works fine. Here is a fragment of my server program:

import socket
from OpenSSL import SSL  # pyOpenSSL

def verify_cb(conn, cert, errnum, depth, ok):
    print 'Got certificate: %s' % cert.get_subject()
    return ok

HOST = "192.168.1.30"
PORT = 5007 # Arbitrary non-privileged port
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ctx = SSL.Context(SSL.SSLv3_METHOD)
ctx.set_verify(SSL.VERIFY_NONE, verify_cb)
ctx.use_certificate_file('server.pem')
ctx.use_privatekey_file('server.pem')
ss = SSL.Connection(ctx,s)
ss.bind((HOST, PORT))
from src.xmlFunc import validateXml
while True :
    ss.listen(1)
    conn, addr = ss.accept()
    print 'Connected by', addr
    while True :
        _data = conn.recv(1024)
        print _data
        if not _data: break
        _data = "<request><type>req_auth</type></request>"
        conn.send(_data)
    conn.close()

In my client Java application:

SecureConnection socket = (SecureConnection)Connector.open("ssl://192.168.1.30:5007",Connector.READ_WRITE);

When I run the server and client programs, the client stops on the line above. The server accepts the connection, and when I debug the next line I get an error:

[('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure') , ('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure')]

What I know is that when I use:

openssl s_client -connect 192.168.1.30:5007 -ssl3

the output is:

CONNECTED(00000003)
depth=0 /C=PL/ST=slaskie/L=pszczyna/O=Internet Widgits Pty Ltd/CN=aloha
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=PL/ST=slaskie/L=pszczyna/O=Internet Widgits Pty Ltd/CN=aloha
verify return:1
---
Certificate chain
 0 s:/C=PL/ST=slaskie/L=pszczyna/O=Internet Widgits Pty Ltd/CN=aloha
   i:/C=PL/ST=slaskie/L=pszczyna/O=Internet Widgits Pty Ltd/CN=aloha
---
Server certificate
subject=/C=PL/ST=slaskie/L=pszczyna/O=Internet Widgits Pty Ltd/CN=aloha
issuer=/C=PL/ST=slaskie/L=pszczyna/O=Internet Widgits Pty Ltd/CN=aloha
---
No client certificate CA names sent
---
SSL handshake has read 985 bytes and written 329 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES256-SHA
    Session-ID: BB7FEA77B05B6B52C7F887D7F55DD2E31022B56CA11A865BDB1D5B008CE8DB1A
    Session-ID-ctx:
    Master-Key: E40115FC6FA4AB99137AE92DFAF811F20E79563846A91410172416FE0324CF253AF82722ED41A56C4C7A9F0B3460F27B
    Key-Arg   : None
    Compression: 1 (zlib compression)
    Start Time: 1154375647
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
---

I've read tons of tutorials and still have nothing that gives me the solution to this problem.

I have Python 2.4.3 (#2, Apr 27 2006, 14:43:58) [GCC 4.0.3 (Ubuntu 4.0.3-1ubuntu5)] with OpenSSL 0.9.8a 11 Oct 2005

Can somebody help me...

Best regards,
Charles Zemanek
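
Added example, not part of the original post: a Python 3 parser for the summary section of the `openssl s_client` output quoted in the post, which lists the negotiated settings a reviewer would flag on this server (SSLv3, a 1024-bit key, compression, an unverified certificate). The function names `parse_summary` and `audit_s_client` and the thresholds are assumptions made for this example; the embedded excerpt copies values from the post's output.

```python
import re

# Excerpt of the s_client summary quoted in the post (values copied from it).
SAMPLE = """\
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Compression: zlib compression
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES256-SHA
    Verify return code: 18 (self signed certificate)
"""

# Hypothetical review thresholds chosen for this example.
MIN_RSA_BITS = 2048
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3"}

def parse_summary(text):
    """Extract the negotiated parameters from s_client summary lines."""
    patterns = {
        "protocol": r"^[ \t]*Protocol[ \t]*:[ \t]*(\S+)",
        "cipher": r"^[ \t]*Cipher[ \t]*:[ \t]*(\S+)",
        "key_bits": r"^Server public key is (\d+) bit",
        "compression": r"^Compression:[ \t]*(.+?)[ \t]*$",
        "verify_code": r"Verify return code:[ \t]*(\d+)",
    }
    found = {}
    for name, pat in patterns.items():
        m = re.search(pat, text, re.MULTILINE)
        if m:
            found[name] = m.group(1)
    return found

def audit_s_client(text):
    """Return a list of findings for the parsed session parameters."""
    p = parse_summary(text)
    findings = []
    if p.get("protocol") in LEGACY_PROTOCOLS:
        findings.append("legacy protocol: " + p["protocol"])
    if "key_bits" in p and int(p["key_bits"]) < MIN_RSA_BITS:
        findings.append("short server key: %s bit" % p["key_bits"])
    if p.get("compression", "NONE").upper() != "NONE":
        findings.append("TLS compression enabled: " + p["compression"])
    if p.get("verify_code", "0") != "0":
        findings.append("certificate not verified: code " + p["verify_code"])
    return findings
```
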